justAnotheradmin
New Contributor

Connect Fortigate to internet with 2 ISP routers (with their own set of public IP addresses)

Hello

I currently have a Fortigate managed through Fortimanager with 1 Uplink ISP router (let's call it OLD router). I use it for outgoing traffic to have my servers reach the internet, and I also use Virtual IPs to NAT incoming traffic to some web servers on a public-IP basis.

default route 0.0.0.0 -> interface going from forti to the OLD ISP router


For bandwidth reasons, I need to add another router (NEW router) with the same specs and needs, to my fortigate.

So I can have 3 specific LAN servers use the NEW router and not the OLD one.

I wonder what is the best course of action to do so (I'm ok about the ports/vlans/creating the interface):

- Should I just add another default route 0.0.0.0 -> interface going from forti to the NEW ISP router and create policies using this interface?

- Or would I also need to create some policy routing (which I have never done)? What would these policies have to look like to make sure using my new ISP router doesn't break the usage of the old one?

Thanks for your answers and consideration.
Mike/

1 Solution
mpatel

If you do not want to make any changes to the existing policies/routes and any references associated with the interfaces connected to the OLD router, then what you mentioned in your original post would be the way to go.

Add another default route 0.0.0.0 -> interface going from forti to the NEW ISP router and create policies using this interface? However, keep in mind you will have to maintain both routes in the routing table with the same distance and different priority. This will require policy routes to govern outbound traffic over preferred interfaces.

You either WIN or LEARN! You LOSE only when you don't TRY.
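
A sketch of the FortiOS CLI configuration the answer above describes, as an added example that is not part of the original thread or of Fortinet's documentation. The interface names (`wan2`, `dmz`), gateway `198.51.100.1`, server address `10.0.10.11` and address object `SRV-NEW-1` are hypothetical placeholders, and it assumes the existing OLD default route keeps distance 10 with a lower priority value than the one set here.

```fortios
# Added example; every name and address below is a placeholder.

# 1) Second default route via the NEW router. Same distance as the
#    existing OLD default route so both stay in the routing table;
#    higher priority value so OLD remains the preferred default.
config router static
    edit 0
        set dst 0.0.0.0 0.0.0.0
        set gateway 198.51.100.1
        set device "wan2"
        set distance 10
        set priority 20
    next
end

# 2) Policy route: only this server leaves through the NEW router.
#    Repeat per server (three in the question).
config router policy
    edit 0
        set input-device "dmz"
        set src "10.0.10.11/255.255.255.255"
        set dst "0.0.0.0/0.0.0.0"
        set gateway 198.51.100.1
        set output-device "wan2"
    next
end

# 3) Firewall policy on the new interface, scoped to the same server
#    and to the services it actually needs, with logging enabled.
config firewall policy
    edit 0
        set name "srv-new-1-to-wan2"
        set srcintf "dmz"
        set dstintf "wan2"
        set srcaddr "SRV-NEW-1"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTPS" "DNS"
        set nat enable
        set logtraffic all
    next
end
```

Policy routes are matched before the routing table, so a `0.0.0.0/0` destination also captures this server's traffic toward other internal subnets; an earlier policy route with `set action deny` (stop policy routing) for internal destinations avoids that.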

AEK
SuperUser

Hi Mike

The best option is to use SD-WAN.

You can start here.

https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/889544/sd-wan-quick-start

AEK

mpatel
Staff

Hello Mike,

You can use "Maximize Bandwidth (SLA)" to take advantage of full bandwidth on both links. You can then have your servers use whichever link you prefer (with other link as backup) using other SLA methods that SDWAN has to offer.

https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/708464/sd-wan-rules-maximize-bandwidth-...

You either WIN or LEARN! You LOSE only when you don't TRY.
justAnotheradmin
New Contributor

Hi guys,

I shall add that I absolutely do not require nor want load-balancing or optimization of the bandwidth.

Those are 2 separate routers for multiple separated usages.

Backstory: I want to create a new service with a new server, and I want it to go on the NEW router only because the new router has higher bandwidth than the old one. But since I'm talking about a live data center, I want nothing to change on the old router. The services that go through it will continue to do so.

Mike.

AEK

Even if you don't want load-balancing or optimization of the bandwidth, SD-WAN remains your best option.

AEK